Bitcoin Forum

Economy => Service Discussion => Topic started by: rebel24 on March 02, 2014, 06:13:09 AM



Title: Just had my gmail, then poloniex and cryptorush.in hacked, bitcoins stolen
Post by: rebel24 on March 02, 2014, 06:13:09 AM
Just thought I'd let you guys know so you don't let it happen to you.
I never saw this coming and am pretty security conscious.

I lost about 2 bitcoins worth.. over $1000 worth at today's prices...

I have taken some new security precautions but I recommend you guys to do the same-
firstly, use a unique password for your main email account, that you don't use anywhere else.
also add a phone number for alerts to your phone if someone does pass a log-in verification

most my coins are offline... the only ones there were mainly ones I had open for trades....

but for my wallets, I am using an encryption key now which I use nowhere else... and I am storing these encryption key passwords basically offline as well.


Was just shocking to me... I want to ask you guys too, because he hacked into my gmail account (can he see my other saved passwords I had? I use chrome and I have some saved passwords in there... but for me to access them on my computer I have to put my windows password in, but what if he is on his own computer or an iphone/android? my iphone wouldn't show the passwords, but what if he is on another computer, can he see them then without anything but that gmail password?)


Title: Re: Just had my gmail, then poloniex and cryptorush.in hacked, bitcoins stolen
Post by: philipmicklon on March 02, 2014, 06:16:37 AM
2FA is a must when you're dealing with BTC.


Title: Re: Just had my gmail, then poloniex and cryptorush.in hacked, bitcoins stolen
Post by: rebel24 on March 02, 2014, 06:27:05 AM
I believe it did have 2 factor authentication, because it emailed my email to confirm the transaction, and he had access to my gmail.

You make a good point, but the only way it should be done is via phone authentication.



I will also add, the only reason I caught it quickly was because he hacked into my secondary email, which has duplicates sent to my main email.
when I logged into my secondary email, those confirmation emails were deleted (I suppose to prevent me from knowing I was hacked)


Title: Re: Just had my gmail, then poloniex and cryptorush.in hacked, bitcoins stolen
Post by: rebel24 on March 02, 2014, 06:45:27 AM
You had your poloniex password saved on your computer somewhere?

Would this have been prevented if the only location of your passwords was written down on paper?

no it was not saved on my computer.. he initiated a password reset, then because he had access to my email, he accessed my account


the question is how did he get my email address login and password (and somehow know I used bitcoin too),
my idea is probably one of the smaller exchanges I signed up for (about half a dozen of em, nothing crazy), that is my guess..


Title: Re: Just had my gmail, then poloniex and cryptorush.in hacked, bitcoins stolen
Post by: Nathonas on March 02, 2014, 06:49:18 AM
2FA is a must when you're dealing with BTC.

2FA with google authenticator.

/endthread


Title: Re: Just had my gmail, then poloniex and cryptorush.in hacked, bitcoins stolen
Post by: g27wr on March 02, 2014, 06:51:47 AM
You could be right. It may have been someone from an exchange. We really have no way of knowing who is behind the scenes. New passwords everywhere!!


Title: Re: Just had my gmail, then poloniex and cryptorush.in hacked, bitcoins stolen
Post by: Krona Rev on March 02, 2014, 09:56:11 AM
OP: Sorry for your loss of 2btc. I'm glad to hear you keep most of your coins offline. I wish more people would.

Regarding 2FA, I would be very reluctant to trust google (either gmail or google authenticator) when it comes to security and/or cryptocurrency. No third party should be trusted, obviously, but at this point it is clear that trusting google means trusting the NSA and other dark forces in the US Govt. Don't do it. Please don't do it. One day this Mt. Gox fiasco could look minor compared to the damage someone could use google to do.

Just keep as many of your coins offline as possible, and be prepared to lose all coins that are online.


Title: Re: Just had my gmail, then poloniex and cryptorush.in hacked, bitcoins stolen
Post by: corebob on March 02, 2014, 10:48:50 AM
The problem with giving Google your phone number is that you also give NSA what they need to associate your telephone calls with your emails


Title: Re: Just had my gmail, then poloniex and cryptorush.in hacked, bitcoins stolen
Post by: crazy_rabbit on March 02, 2014, 11:17:27 AM
Yubikey is your friend.


Title: Re: Just had my gmail, then poloniex and cryptorush.in hacked, bitcoins stolen
Post by: Krona Rev on March 02, 2014, 11:26:34 AM
Does any service offer 2FA via bitmessage?


Title: Re: Just had my gmail, then poloniex and cryptorush.in hacked, bitcoins stolen
Post by: freebit13 on March 02, 2014, 12:58:53 PM
Use Google.../endthread?

Stop trusting a central authority to secure your information... that's just not bitcoin ;)


Title: Re: Just had my gmail, then poloniex and cryptorush.in hacked, bitcoins stolen
Post by: p-webcorp on March 02, 2014, 01:18:23 PM
2FA is a must when you're dealing with BTC.

2FA with google authenticator.

/endthread
Oh, yes again a google product. Never ever use anything from google!
'g' give data, 'g' get protection for it, and the rest of the story is blablabla as the bitcoins are used by criminals etc. etc., and the dollars are used only by honest people, isn't it?


Title: Re: Just had my gmail, then poloniex and cryptorush.in hacked, bitcoins stolen
Post by: rebel24 on March 02, 2014, 01:21:08 PM
I am pretty sure I have figured out what happened, I posted it in another thread so I thought I would share it with you guys-- apparently I am not the only one who has had coins recently stolen from them at poloniex--

what is going on is-
poloniex is being DDOS'ed, as well as cryptorush.io
I had the same robberies happen at both places. They are DDOS'ing the sites, taking the login info, and, for me, stupidly, I used the same login info for my email as my login there. So they logged into my email to confirm the withdrawals.

Now I have 2 way authentication and different passwords, I HIGHLY RECOMMEND EVERYONE DO THIS RIGHT NOW IF YOU HAVEN'T ALREADY


Title: Re: Just had my gmail, then poloniex and cryptorush.in hacked, bitcoins stolen
Post by: coinnewbit on March 02, 2014, 01:43:54 PM
I just deposited into poloniex the day before. Crap